Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/w2Ta-rPPbmIQNKq-ipxVWX-8dg4.roa
File:                     w2Ta-rPPbmIQNKq-ipxVWX-8dg4.roa (raw, json)
Hash identifier:          gcIiCCsS3PcYcJA4aDFua+5XE66yaXHV16D0VY59VUM=
Subject key identifier:   C3:64:DA:FA:B3:CF:6E:62:10:34:AA:BE:8A:9C:55:59:7F:BC:76:0E
Certificate issuer:       /CN=f0023ce2ba5a1d4fd0a5e227de74cbc41d2bb9c8
Certificate serial:       019C6B41135E772DD25103109D73C65DE409
Authority key identifier: F0:02:3C:E2:BA:5A:1D:4F:D0:A5:E2:27:DE:74:CB:C4:1D:2B:B9:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AI84rpaHU_QpeIn3nTLxB0rucg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/w2Ta-rPPbmIQNKq-ipxVWX-8dg4.roa
Signing time:             Tue 17 Feb 2026 10:59:12 +0000
ROA not before:           Tue 17 Feb 2026 10:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41377
IP address blocks:        195.3.140.0/22 maxlen: 22
                          195.3.140.0/23 maxlen: 23
                          195.3.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/8AI84rpaHU_QpeIn3nTLxB0rucg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/8AI84rpaHU_QpeIn3nTLxB0rucg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AI84rpaHU_QpeIn3nTLxB0rucg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:41:13:5e:77:2d:d2:51:03:10:9d:73:c6:5d:e4:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0023ce2ba5a1d4fd0a5e227de74cbc41d2bb9c8
        Validity
            Not Before: Feb 17 10:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c364dafab3cf6e621034aabe8a9c55597fbc760e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e9:dc:f1:35:b2:62:c2:75:8b:91:be:04:01:
                    79:79:c9:df:02:13:1d:2e:52:7e:b4:a1:b2:19:41:
                    4e:8a:e7:ea:ea:b5:d7:ef:6e:de:92:62:01:6b:29:
                    d5:cd:62:08:89:d2:20:09:04:6f:ca:39:3d:fc:9a:
                    fe:8e:1b:46:b4:21:f6:cd:44:d8:26:1f:42:06:ec:
                    54:9d:14:b2:92:89:3a:3b:c2:c2:77:a1:a9:33:1a:
                    68:a5:1e:35:f9:90:e6:17:94:30:f2:46:ab:26:64:
                    6a:e1:c0:b8:60:07:80:7c:96:26:a0:c6:db:d1:9e:
                    18:aa:97:a8:4f:2f:81:c9:87:2c:43:c0:c5:4b:55:
                    a5:34:aa:a1:28:4e:0b:fe:75:64:0c:aa:52:53:41:
                    78:f0:47:d9:34:78:b1:c9:af:22:f5:13:4d:78:3f:
                    f3:78:c5:c1:9d:dd:38:2f:dd:d4:94:a7:2c:44:63:
                    e6:bd:ca:32:98:45:5f:ed:01:ca:b5:bb:e4:da:36:
                    fa:99:aa:e6:91:e8:e2:e4:6f:fb:7d:26:bd:15:80:
                    85:19:c8:a9:aa:8f:31:0e:e1:0b:fa:3a:a7:6b:c5:
                    85:5f:e8:74:8d:36:16:b7:77:79:af:18:cb:21:4b:
                    52:d6:12:ee:19:78:c8:4c:b3:c8:95:a1:2c:b1:16:
                    8f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:64:DA:FA:B3:CF:6E:62:10:34:AA:BE:8A:9C:55:59:7F:BC:76:0E
            X509v3 Authority Key Identifier:
                keyid:F0:02:3C:E2:BA:5A:1D:4F:D0:A5:E2:27:DE:74:CB:C4:1D:2B:B9:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AI84rpaHU_QpeIn3nTLxB0rucg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/w2Ta-rPPbmIQNKq-ipxVWX-8dg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0a0c19-023c-40f5-a772-ebd69d7734f0/1/8AI84rpaHU_QpeIn3nTLxB0rucg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:70:11:ac:0b:d9:2f:25:3c:db:74:43:1d:34:e8:e6:59:e0:
         96:6f:30:68:36:3b:b1:ff:ac:e6:e8:30:14:b1:77:1b:55:56:
         b5:c6:93:5c:58:d7:8d:d4:b4:58:61:f9:6b:13:90:5d:79:07:
         81:85:c3:ea:fa:3c:7e:f9:96:8a:6b:88:6c:f9:ff:0e:67:3f:
         90:6d:34:a6:05:90:a6:fd:db:b8:88:62:fa:5b:a9:a7:21:2f:
         1f:22:cf:d6:c5:6a:44:93:e6:2d:94:94:26:6d:89:2f:67:a1:
         78:69:0c:a8:61:3c:8b:38:c0:e3:d3:b0:e2:1c:01:40:7f:af:
         25:76:a3:2e:be:a6:dd:27:4a:47:b5:5a:01:a8:60:96:b7:9f:
         ba:3b:fc:78:8a:cc:f2:fe:0e:11:4a:d1:dd:88:ab:2d:2f:57:
         20:ce:fd:91:5c:46:ed:47:b1:8e:9f:29:c6:60:0b:59:17:0f:
         0c:cb:6c:38:1d:d1:5d:5e:fa:f9:b6:fe:3b:42:f9:80:14:a8:
         17:19:dd:60:46:ec:c5:0f:f9:5d:3a:fc:dd:ce:97:42:fb:d2:
         3c:53:53:1c:ce:f8:9e:f4:3e:fe:fc:7d:5b:5d:38:c0:d5:39:
         8f:84:3e:19:03:34:7c:89:a3:c5:53:12:d0:7d:cf:6d:c8:38:
         34:e4:16:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrQRNedy3SUQMQnXPGXeQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMDIzY2UyYmE1YTFkNGZkMGE1ZTIyN2RlNzRjYmM0MWQy
YmI5YzgwHhcNMjYwMjE3MTA1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzY0ZGFmYWIzY2Y2ZTYyMTAzNGFhYmU4YTljNTU1OTdmYmM3NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Onc8TWyYsJ1i5G+BAF5ecnfAhMd
LlJ+tKGyGUFOiufq6rXX727ekmIBaynVzWIIidIgCQRvyjk9/Jr+jhtGtCH2zUTY
Jh9CBuxUnRSykok6O8LCd6GpMxpopR41+ZDmF5Qw8karJmRq4cC4YAeAfJYmoMbb
0Z4YqpeoTy+ByYcsQ8DFS1WlNKqhKE4L/nVkDKpSU0F48EfZNHixya8i9RNNeD/z
eMXBnd04L93UlKcsRGPmvcoymEVf7QHKtbvk2jb6marmkeji5G/7fSa9FYCFGcip
qo8xDuEL+jqna8WFX+h0jTYWt3d5rxjLIUtS1hLuGXjITLPIlaEssRaPyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNk2vqzz25iEDSqvoqcVVl/vHYOMB8GA1UdIwQY
MBaAFPACPOK6Wh1P0KXiJ950y8QdK7nIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEFJODRycGFIVV9RcGVJbjNuVEx4QjBydWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8wYTBjMTktMDIzYy00MGY1LWE3NzIt
ZWJkNjlkNzczNGYwLzEvdzJUYS1yUFBibUlRTktxLWlweFZXWC04ZGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8wYTBjMTktMDIzYy00MGY1LWE3NzItZWJkNjlkNzczNGYw
LzEvOEFJODRycGFIVV9RcGVJbjNuVEx4QjBydWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwwOMMA0G
CSqGSIb3DQEBCwUAA4IBAQBecBGsC9kvJTzbdEMdNOjmWeCWbzBoNjux/6zm6DAU
sXcbVVa1xpNcWNeN1LRYYflrE5BdeQeBhcPq+jx++ZaKa4hs+f8OZz+QbTSmBZCm
/du4iGL6W6mnIS8fIs/WxWpEk+YtlJQmbYkvZ6F4aQyoYTyLOMDj07DiHAFAf68l
dqMuvqbdJ0pHtVoBqGCWt5+6O/x4iszy/g4RStHdiKstL1cgzv2RXEbtR7GOnynG
YAtZFw8My2w4HdFdXvr5tv47QvmAFKgXGd1gRuzFD/ldOvzdzpdC+9I8U1Mczvie
9D7+/H1bXTjA1TmPhD4ZAzR8iaPFUxLQfc9tyDg05Bbs
-----END CERTIFICATE-----